Bring your own device (BYOD) is a business policy of employees being allowed to bring personally owned computing devices, including mobile devices, to their place of work for use in lieu of or to supplement company-provided computing devices. Organizations allowing BYOD often allow these personal devices to be used to access enterprise networks and software systems, privileged company resources such as email, file servers and databases, in addition to the personal applications and data present on the personal device. Further, “consumerization of information technology” (CoIT) is the growing tendency for new information technology to emerge first in the consumer market and then spread into business and government organizations.
With rising incidence of BYOD and CoIT, enterprise security managers and administrators face an increasingly difficult task in ensuring compliance with legal, administrative, and organizational policies, including security policies. As examples, a doctor using their own tablet to access patient records, a travelling salesperson using their own device to store price lists and other company sensitive information, and employees using a cloud storage and retrieval service to access and share work-related items from outside the office can compromise other efforts to ensure compliance with relevant policies of an organization.